[WXC/VFX] Intermittant DNS Failures?

Forums › Vodafone New Zealand › [WXC/VFX] Intermittant DNS Failures?

BlakJak

674 posts

Ultimate Geek
+1 received by user: 98

Trusted

# 37359 11-Jul-2009 18:35

Anyone else noticing that Xnet seems to occaisionally just 'fail' DNS lookups?

My DSL Router returned 'SERVFAIL' for several seconds - enough to nuke a couple of web page load attempts - and it comes right again.

Has happened several times over the last few days.
I know it's not killing my connection, because open TCP sessions aren't interrupted.

No signature to see here, move along...

1 | 2 | 3

249 posts

Master Geek
Inactive user

# 234291 12-Jul-2009 10:53

I had that too; just one of the reasons I moved back to Telecom and have not regretted the move one little bit.

rhy7s

312 posts

Ultimate Geek
+1 received by user: 30

# 234298 12-Jul-2009 11:24

OpenDNS.com

BlakJak

674 posts

Ultimate Geek
+1 received by user: 98

Trusted

# 234323 12-Jul-2009 13:11

rhy7s: thanks for your most unhelpful response. I run my own dns servers and don't need people telling me to use external DNS. What I need is an ISP who actually provides reliable connectivity and services.

(For si mplicity, I run DHCP on my router, which gives me IP's and sets my DNS to be the router, which in turn uses auto-assign DNS from the ISP. I'd rather not have to stand up an internal DHCP server with different params to simply allow me to reliably surf the web from home.)

I was mere inches from ISP-hopping a while back and Xnet seemed to finally sort out their stuff. However we're wading back into non-performing territory and I thought i'd find out if it was 'just me' before I start writing manure-o-grams.

No signature to see here, move along...

rhy7s

312 posts

Ultimate Geek
+1 received by user: 30

# 234328 12-Jul-2009 13:42

DNS is fundamentally an external services unless you're only visiting the same sites and could run from a local cache. I've been with a few ISPs over the years (Telecom, Orcon and WorldXchange at this address, other addresses with Slingshot and iHug) and haven't had reliable DNS with any of them. OpenDNS just works for me. Can you not configure your router to use manually assigned DNS servers?

BlakJak

674 posts

Ultimate Geek
+1 received by user: 98

Trusted

# 234335 12-Jul-2009 13:58

rhy7s: DNS is fundamentally an external services unless you're only visiting the same sites and could run from a local cache.

coughsplutterchoke

Are you serious?

First, any ISP trying to sell their services without providing DNS resolvers is doomed to fail, eh. DNS is, uh, kinda important to the whole surf-the-web proposition?

Second, any ISP trying to sell their services without providing DNS resolvers and instead 'freeloading' by suggesting customers should point their DNS settings at those provided by a third party (that they have no business relationship with) is a joke, right? Coz that's essentially what you're suggesting.

I've been with a few ISPs over the years (Telecom, Orcon and WorldXchange at this address, other addresses with Slingshot and iHug) and haven't had reliable DNS with any of them. OpenDNS just works for me. Can you not configure your router to use manually assigned DNS servers?

Not only have I been with several ISPs, I've _worked_ for several. None of the ISPs i've used - or worked for - provided local DNS resolvers that were so poor (exception perhaps: Xtra, and the fun they had with alien/terminator some years ago) at providing reliable lookups.

Third point. Dija happen to notice the major vulnerabilities in BIND that hit the news a while back, and that one of the major measures taken to improve the security of resolvers was to forbid 'anonymous' external lookups, right? Thus why many ISPs in NZ don't allow external DNS lookups from external IP ranges.

So how is it in any way smart, to advocate a solution which pushes my DNS query to a third party system, that I don't have a business relationship with, that is further away in latency stakes (thus making the whole process slower), that is obviously equipped to allow anonymous external DNS lookups (and thus is potentially less secure)... when the ISP I connect to (and every one that i've connected to in the past 15-odd years) provides DNS service?

Sorry to break it to you mate, but providing DNS resolution services is kinda fundamental to the whole providing-internet-access thing, most especially for residential-grade services where the customer is usually not going to be in a position to run their own resolvers..., so whilst it's nice of you to make excuses on Xnet's behalf... you're trolling, right?

I see nothing unreasonable about expecting reliable DNS from my ISP, given that pretty much every ISP i've dealt with (and i've dealt with several) have been able to provide same.
OpenDNS is a lovely contingency option. But there's no way that it should be business-as-usual.
I posted on here to find out if it affected anyone else. It does, so i'll pursue the issue further.

Thanks for your help. :-)

No signature to see here, move along...

rhy7s

312 posts

Ultimate Geek
+1 received by user: 30

# 234675 13-Jul-2009 12:55

BlakJak:
rhy7s: DNS is fundamentally an external services unless you're only visiting the same sites and could run from a local cache.

coughsplutterchoke

Are you serious?

Yes? Anything offsite is external surely? And the cascading hierarchy of the DNS resolving system extends much further than the ISP ultimately.

You said:

BlakJak: I run my own dns servers and don't need people telling me to use external DNS.

Have you tried bypassing the DNS relay in your router to see if the same behaviour occurs? By manually specifying DNS servers on your client devices? However, I thought a SERVFAIL meant that the authoritative server for the requested domain didn't respond - which means without a cached entry, changing DNS servers wouldn't help.

BlakJak: First, any ISP trying to sell their services without providing DNS resolvers is doomed to fail, eh. DNS is, uh, kinda important to the whole surf-the-web proposition?

I imagine it would be a hard sell in the home market, but DNS certainly doesn't have to reside with the ISP, though it's definitely desirable.

BlakJak:

Second, any ISP trying to sell their services without providing DNS resolvers and instead 'freeloading' by suggesting customers should point their DNS settings at those provided by a third party (that they have no business relationship with) is a joke, right? Coz that's essentially what you're suggesting.

Everyone's got their own expectations from ISPs. I find most of the offerings from ISPs beyond the bandwidth a bit of a joke. I don't like being locked into contracts because they have to recoup the costs of extra bundled cruft (I'm tossing up whether to switch to an ISP with these disadvantages in the near future though). Imagine being locked into your ISP's email service and hosting arrangements. Luckily we have a lot of options for services provided over the internet.

BlakJak:
rhy7s:

I've been with a few ISPs over the years (Telecom, Orcon and WorldXchange at this address, other addresses with Slingshot and iHug) and haven't had reliable DNS with any of them. OpenDNS just works for me. Can you not configure your router to use manually assigned DNS servers?

Not only have I been with several ISPs, I've _worked_ for several. None of the ISPs i've used - or worked for - provided local DNS resolvers that were so poor (exception perhaps: Xtra, and the fun they had with alien/terminator some years ago) at providing reliable lookups.

Third point. Dija happen to notice the major vulnerabilities in BIND that hit the news a while back, and that one of the major measures taken to improve the security of resolvers was to forbid 'anonymous' external lookups, right? Thus why many ISPs in NZ don't allow external DNS lookups from external IP ranges.

Yeah, luckily thanks to pfSense and OpenDNS this wasn't a biggie for me blog.pfsense.org/?p=220

BlakJak:

So how is it in any way smart, to advocate a solution which pushes my DNS query to a third party system, that I don't have a business relationship with, that is further away in latency stakes (thus making the whole process slower), that is obviously equipped to allow anonymous external DNS lookups (and thus is potentially less secure)... when the ISP I connect to (and every one that i've connected to in the past 15-odd years) provides DNS service?

Sorry to break it to you mate, but providing DNS resolution services is kinda fundamental to the whole providing-internet-access thing, most especially for residential-grade services where the customer is usually not going to be in a position to run their own resolvers..., so whilst it's nice of you to make excuses on Xnet's behalf... you're trolling, right?

No, I was just trying to help out. I don't have any reason to make an excuse for Xnet.

BlakJak:

I see nothing unreasonable about expecting reliable DNS from my ISP, given that pretty much every ISP i've dealt with (and i've dealt with several) have been able to provide same.

OpenDNS is a lovely contingency option. But there's no way that it should be business-as-usual.

I posted on here to find out if it affected anyone else. It does, so i'll pursue the issue further.

Thanks for your help. :-)

I don't see anything unreasonable in that either, I'm just saying that it hasn't been my experience.

BlakJak

674 posts

Ultimate Geek
+1 received by user: 98

Trusted

# 234716 13-Jul-2009 14:16

If you meant to originally suggest that DNS answers being supplied by external providers are beyond the control of the ISP - then of course I agree (being the nature of the entire system) however the DNS records i'm experiencing timeouts with are ones that're a) answered with a valid response mere seconds earlier and b) almost certainly cached.

SERVFAIL is a 'fault' because as you point out, it's not the right answer if there's a timeout going on. It's an actual 'sorry, authoritively, the query failed' .

I've experienced slow responses, too, and these dont result in DNS failures... they just take a long time. An actual failure to look up an address (such as geekzone.co.nz) when i'm actually browsing their forums -right then- (for example.. clicking on 'post reply' invoked a failure over the weekend, even though I had a dozen tabs open to geekzone forums and Xnet most certainly should've had the address record cached) is not what i'd expect.

Sad that you've ceased seeing anything but the pipe itself, as part of the ISP offering. I at minimum expect an ISP to provide:

- Pipe aka IP and routability
- DNS resolution services
- SMTP relay services

These are pretty much fundamental, as there should be no need to engage third parties to achieve the above. As you point out, lock in is a 'bad thing(tm)' - one should have the choice, and generally does. However the 'basics' should be - and are - part of the services that ISPs offer. By extension, they should be generally reliable. What i'm seeing is not what I would call 'generally reliable'. 'mostly', perhaps - but in effect, failure to provide DNS = failure to provide internet service. So as much as my line is still up and my routes still work, I call it a service outage.

BJ.

PS: I have no doubt that if I were to bypass Xnet's DNS and use my own NS, I wouldn't expect problems. I've infact done so as recently as a few months ago when the problem got really bad, for brief periods. Shouldn't. Have. To.

No signature to see here, move along...

rhy7s

312 posts

Ultimate Geek
+1 received by user: 30

# 234726 13-Jul-2009 14:41

BlakJak: An actual failure to look up an address (such as geekzone.co.nz) when i'm actually browsing their forums -right then- (for example.. clicking on 'post reply' invoked a failure over the weekend, even though I had a dozen tabs open to geekzone forums and Xnet most certainly should've had the address record cached) is not what i'd expect.

What browser and OS are you using? I would have expected that example to be resolved by the cache of either the browser or OS, and possibly the router if it maintains a cache as well.

frio

80 posts

Master Geek

# 234777 13-Jul-2009 15:54

Hi BlakJak,
We recently added a new DNS server designed specifically to target a problem some customers were experiencing (it went live late June) - including slow response times and sporadic failures. Since putting this in (it's been added to the network as 58.28.5.2), we've seen a marked drop in DNS related issues, and a marked increase in performance. A second customer-facing DNS server will be added at the end of this week.

If you're experiencing problems, the *very* first thing I would suggest is to set your PC to use 58.28.5.2 and 58.28.6.2 as DNS servers, as opposed to using your router (which will set your PC to use the router as the DNS server, and forward on DNS requests). While I don't know what router you have, most consumer equipment currently in use uses a lobotomised copy of dnsmasq (an open source project) as its DHCP/caching DNS server, and performs well below how it should do.

Please give that a go and see if your problems persist!

BlakJak

674 posts

Ultimate Geek
+1 received by user: 98

Trusted

# 234788 13-Jul-2009 16:10

Hi frio, thanks for picking up this thread. The Auto-Assigned DNS servers my DSL Router (a Netgear DG834G) has logged are 58.28.5.2 and 58.28.6.2, so I see you're already directing load at the new NS.

For the record, problems i've had relating to DNS over the last week or two have been experienced on both an Ubuntu 9.04 desktop, and a Tablet PC running Windows XP SP2 Tablet Edition. My wife has reported similar issues on a Windows XP based desktop machine as well.

I'd prefer not to assign static DNS to the laptops (we have three), as they are used in several different network environments - not all of which provide full internet connectivity. Further I'm not sure that making a farce out of my DSL router's DHCP service is necessarily helpful :-) I've used several DG834's across several ISPs and would not attribute my user-experience to an issue with the make/model.

However, For troubleshootings sake I'll change the desktop systems and see if we can gauge any change in performance over the next several days.

Unfortunately this is a fault which is intermittant, so it's hard to come up with detailed diagnostics. Generally retrying the URL after a couple of seconds is successful, if not the first then usually the second or third time, and the fault may not return for minutes or hours afterward. It's just frustrating!!

Cheers.

No signature to see here, move along...

frio

80 posts

Master Geek

# 234803 13-Jul-2009 16:50

I can more than understand the frustration; I used to have serious problems with DNS as well. Fortunately, mine legitimately was an issue with my aging modem (Dynalunk RTA230) and the DNS software it ran; bypassing the modem fixed the problem for me (the ultimate solution I reached was nabbing a WRT54GL and putting Tomato on it).

Which is the real reason I mention modems - in my experience when I worked the helpdesk, it would be extremely rare for a DNS problem to turn out to be on Xnet's end, rather than the modem's. I do understand that hard-setting DNS servers in the computers may be undesirable (I'd be pissed if I had to change the DNS servers for my laptop constantly) - so perhaps it might be beneficial to look into the modem itself. I haven't worked the helpdesk for a while now, so I can't remember specifically if this option is present in the DG834G, but I'd recommend looking for an option to pass the ISP's DNS servers through to the computers, rather than using the modem's DNS forwarder (in the case of the DG834G, Netgear have opted to use dproxy - an open source project that hasn't seen an official release since the year 2000!). Hopefully it's there somewhere, and hopefully you see an improvement :), as I honestly do believe that the modem is the most likely place for the problem to stem from.

The real reason I'm replying here however is because we are keeping a close eye out for any issue with the new DNS server, so I will take a look at it :). I'd really appreciate if, when you do note this happening, you could please scribble down the time you noticed the failure and the site you were trying to visit (as that'll help me find anything related in the logs), and PM me that info along with your username (so I can grab your IP at the time).

Regs

Infrastructure Geek
4057 posts

Uber Geek
+1 received by user: 195

Trusted

Microsoft NZ

Subscriber

# 234924 13-Jul-2009 20:57

is your router assigning the real dns addresses to clients, or is it handing the clients the router ip address for dns queries (dns proxy)?

i've seen a few buggy routers in the past which didnt do a good job of dns proxy so i usually disable it

Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs

dawnraid

100 posts

Master Geek
Inactive user

# 234946 13-Jul-2009 21:56

Hey BlakJak, take a chill pill. I see your reasons as to why you are so opposed to a third party DNS provider as being far from logical. Heck its only resolving ip's nothing to get worried about for security, also a few extra milliseconds latency is not even worth get your knickers in a knot. We all know Xnet sometimes has crappy services, live with it or do something about it.

Fraktul

836 posts

Ultimate Geek

Trusted

# 234967 13-Jul-2009 22:28

dawnraid: Hey BlakJak, take a chill pill. I see your reasons as to why you are so opposed to a third party DNS provider as being far from logical. Heck its only resolving ip's nothing to get worried about for security, also a few extra milliseconds latency is not even worth get your knickers in a knot. We all know Xnet sometimes has crappy services, live with it or do something about it.

He has a legitimate gripe - a service he is paying for may not be working correctly. Using OpenDNS has potentially quite a few disadvantages. Those are the facts - your opinion otherwise is beside the point.

BlakJak

674 posts

Ultimate Geek
+1 received by user: 98

Trusted

# 234968 13-Jul-2009 22:30

frio: Thanks again for your comments. I appreciate the fact the issue has been identified and is having due attention paid ISP-side.
Your comments will probably provide the catalyst to get around to the firmware upgrade i've been planning to put onto my DG834 for quite some time... maybe this weekend...

For the record the Router hands out 'itself' as the DNS server, and must do the proxy/resolver thing. Again, have had plenty of success with this model until relatively recently.

My reason for posting on GZ in the first place was to see if it was an issue wider than 'just me' ... esp. in light of previous 'issues' which obviously brought about Xnet paying attention to the issue.

Of course i'm going to look in-house if i'm a standalone case. Happy enough to do so.

dawnraid: Hey BlakJak, take a chill pill. I see your reasons as to why you are so opposed to a third party DNS provider as being far from logical. Heck its only resolving ip's nothing to get worried about for security, also a few extra milliseconds latency is not even worth get your knickers in a knot. We all know Xnet sometimes has crappy services, live with it or do something about it.

Sorry mate but I think my reasons are pretty logical, even if I am something of a 'purist'. I'm quite capable of being independent of my ISPs DNS if I choose, but I maintain that I 'shouldn't have to'. Seems straight-forward enough to me.

Incidentally, though it seems to be the common opinion of many on this forum, I never saw Xnet as an ISP that was somehow entitled to provide 'sometimes crappy services' by virtue of the amount of money they charge. I was a little surprised to see people painting them as a 'budget' ISP. I still pay a monthly fee in return for a given service, and have what I think are fairly reasonable expectations of that service.
When they're communicative and helpful to their customers, they get big kudos from my corner.

No knots in these Knickers!! :-) Though I found rhy7s's answer a little exasperating, for reasons i've already explained.

No signature to see here, move along...

1 | 2 | 3